Advisory Details

April 28th, 2020

TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability

ZDI-20-553
ZDI-CAN-10003

CVE ID CVE-2020-10916
CVSS SCORE 8.0, (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
AFFECTED VENDORS TP-Link
AFFECTED PRODUCTS TL-WA855RE
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device.

ADDITIONAL DETAILS

Fixed in version TL-WA855RE(US)_V4_200403


DISCLOSURE TIMELINE
  • 2020-03-15 - Vulnerability reported to vendor
  • 2020-04-28 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES